Welcome to Splunk Answers, a Q&A forum for users to find answers to questions about deploying, managing, and using Splunk products. Contributors of all backgrounds and levels of expertise come here to find solutions to their issues, and to help other users in the Splunk community with their own questions.

This quick tutorial will help you get started with key features to help you find the answers you need. You will receive 10 karma points upon successful completion!

Refine your search:

How to edit my search to return all events from the previous day?

0

HI ,

I'm trying to create a Splunk alert to generate an email based on job failures. My SPL still retrieves records beyond 24 hours even after filtering them, I see redundant records in my alert. My alert should check for any failures and report them as soon as they happen. Not sure where am I going wrong.